Claims 



1. A method for accessing a cluster of servers from an internet public subnet using
a single public IP address, said method comprising the steps of: 

interfacing a single firewall or cluster of firewalls with a public IP address to said 
internet public subnet to receive service requests for said cluster of network servers;

interfacing a first private subnet with a plurality of private IP addresses to said 
single firewall or cluster of firewalls to receive the service requests for said cluster of 
network servers after passing through said single firewall or cluster of firewalls; 

interfacing a plurality of redundant load balancers with a respective plurality of 
private IP addresses to said first private subnet to receive the service requests for said
cluster of networks after passing through said first private subnet; 

interfacing said load balancers to a second private subnet; and 

interfacing said network servers with respective private IP addresses to said 
second private subnet to receive said service requests from said load balancers. 

2. A method as set forth in claim 1 wherein there is said cluster of firewalls
interfaced to said internet public subnet, and further comprising the step of 
synchronizing said firewalls with a private IP address. 

3. A method as set forth in claim 1 further comprising the step of synchronizing said 
load balancers with a private IP address. 

4. A system for accessing a cluster of servers from an internet public subnet using
a single public IP address, said system comprising: 



FR920020043US1 



a network load balancer system for said cluster, said network load balancer 
system comprising a plurality of redundant network load balancers; 

one or more access routing devices coupled to said internet public subnet and 
having a public IP address; 

a private internet access subnet between said one or more access routing
devices and said load balancer system and having a range of private IP addresses;

a private network server subnet between said load balancer system and said
cluster; and 

means, at an initialization time, for defining a private IP address for the network 
load balancer system within the internet access subnet, and when one of said load
balancers becomes primary at the initialization time or switches from a standby state to 
an active state, defining said network load balancer system private IP address as an 
alias in an interface table to be recognized by said one load balancer, and when said 
one network load balancer switches from the active state to a standby state, releasing 
from the interface table, the network load balancer system private IP address previously
defined as the alias. 

5. A method for accessing a cluster of servers from an internet public subnet using 
a single public IP address, wherein there is a network load balancer system for said 
cluster, one or more access routing devices coupled to said internet public subnet, a 
private internet access subnet coupled between said one or more access routing
devices and said load balancer system and having a range of private IP addresses, and
a private network server subnet between said load balancer system and said cluster, 
said network load balancer system comprising a plurality of redundant network load 
balancers, said method comprising the steps of:

at an initialization time, defining a private IP address for the network load
balancer system within the internet access subnet;

when one of said load balancers becomes primary at the initialization time or 
switches from a standby state to an active state, defining said network load balancer 
system private IP address as an alias in an interface table to be recognized by said one
load balancer; and 

when said one network load balancer switches from the active state to a standby 
state, releasing from the interface table, the network load balancer system private IP 
address previously defined as the alias. 

6. The method as set forth in claim 5 wherein said step of defining said network
load balancer system private IP address as an alias in an interface table comprises the 
step of associating in said interface table the network load balancer system private IP 
address with the physical hardware address of the network load balancer system. 

7. The method as set forth in claim 5 wherein said step of defining said network
load balancer system private IP address as an alias comprises the step of broadcasting
a message on the private internet access subnet, said message comprising the 
physical hardware address of the network load balancer system and the private IP 
address of the network load balancer system. 

8. The method as set forth in claim 5 further comprising the steps of: 

receiving an address resolution request, said request comprising the network
load balancer system private IP address; and

checking whether or not the network load balancer system private IP address is 
in the interface table, and if the network load balancer system private IP address is in 
the interface table, sending a reply comprising the physical hardware address
associated in the interface table with the network load balancer system private IP
address, and if the network load balancer system private IP address is not in the 
interface table, sending no reply. 
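
The alias handling recited in claims 5 to 8, modelled as an added example (not part of the patent text): each load balancer keeps its own interface table, announces the alias when it becomes active, releases it on standby, and answers an address resolution request only while the alias is in its table. The class names, the address 10.0.1.10 and the hardware addresses are constructed for illustration.

```python
# Added illustration of claims 5-8; all names and addresses are constructed.
from dataclasses import dataclass, field

VIP = "10.0.1.10"  # assumed load balancer system private IP (claim 5)


@dataclass
class Subnet:
    """Private internet access subnet: records broadcast announcements."""
    broadcasts: list = field(default_factory=list)

    def broadcast(self, mac, ip):
        self.broadcasts.append((mac, ip))


@dataclass
class LoadBalancer:
    mac: str
    subnet: Subnet
    state: str = "standby"
    interface_table: dict = field(default_factory=dict)  # IP -> hardware address

    def activate(self):
        """Become primary/active: define the alias and announce it."""
        self.state = "active"
        self.interface_table[VIP] = self.mac   # claim 6: associate IP with MAC
        self.subnet.broadcast(self.mac, VIP)   # claim 7: broadcast MAC + IP

    def deactivate(self):
        """Switch to standby: release the alias from the interface table."""
        self.state = "standby"
        self.interface_table.pop(VIP, None)

    def on_arp_request(self, target_ip):
        """Claim 8: reply with the MAC only if the IP is in the table."""
        return self.interface_table.get(target_ip)  # None means no reply sent


def resolve(balancers, ip):
    """Collect every reply an access router would receive for one request."""
    return [r for lb in balancers if (r := lb.on_arp_request(ip)) is not None]


def failover_demo():
    net = Subnet()
    a = LoadBalancer("02:00:00:00:00:0a", net)
    b = LoadBalancer("02:00:00:00:00:0b", net)
    a.activate()
    before = resolve([a, b], VIP)
    a.deactivate(); b.activate()
    return before, resolve([a, b], VIP), net.broadcasts
```

More than one reply from resolve() means two balancers hold the alias at the same time, which is the condition the release step in claim 5 prevents and a useful thing to monitor for on the access subnet.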

9. The method as set forth in claim 5 wherein said one or more access routing 
devices are a redundant system of access routers based on the Virtual Router
Redundancy Protocol (VRRP), said access router system comprising a master access
router and a backup access router; each of said access routers being connected to 
clients through the internet public subnet and to the network load balancing system
through the internet access private subnet. 

10. The method as set forth in claim 5 wherein each of said access routing devices
is a firewall.